Content, for example, videos, music, and the like, is provided to users via various kinds of media including a DVD (Digital Versatile Disc), a Blu-ray Disc (registered trademark), a flash memory, a network such as the Internet, broadcasting waves, and the like. The users can reproduce the content using, for example, a recording and reproduction device such as a PC, a mobile terminal, or a BD player, or various kinds of information processing devices such as a television.
However, producers or distributors of many kinds of content such as music data, image data, and the like provided to users hold copyrights, distribution rights, and the like. Thus, in many cases when content is provided to the users, content providers impose restrictions on content uses.
There is a problem arising in digital recording devices and recording media in that, since recording and reproduction can be repeated without deteriorating images and sounds, uses of unauthorized copied content including distribution of such unauthorized copied content through the Internet or distribution of so-called pirated discs are prevalent.
In order to stop such unauthorized copying of data, various technologies for preventing illegal copying using digital recording devices and recording media have been put into practice.
For example, a content encryption process is an aspect thereof. A key used in decrypting encrypted data is given only to a reproduction device that owns a license that is a content use right. Such a license is given to reproduction devices that are designed to comply with predetermined operation regulations, for example, prohibition of unauthorized copying. On the other hand, since a reproduction device that does not own a license does not have a key used in decrypting encrypted data, it is difficult to decrypt such encrypted data.
However, even when content has been encrypted as described above, unauthorized uses of content are prevalent in the present state.
An example of an unauthorized use of content will be described in detail.
Assume a configuration in which a content server distributes encrypted content to a user device, for example, a recording and reproduction device, a PC, a mobile terminal, or the like.
When the content server distributes the encrypted content to the user device, the content server distributes the following pieces of data to the user device via, for example, a network:
(a) the encrypted content
(b) an encryption key applied to encryption and decryption of the encrypted content.
When the same content such as the same movie is provided to a number of user devices, there are, for example, the following two process aspects that the content server can execute.
(A) Different pieces of encrypted content are generated by applying different individual encryption keys, and provided to each of the user devices.
(B) The same encrypted content obtained from encryption using the same encrypting key is generated and provided to the plurality of user devices.
When security for preventing unauthorized uses of the content is considered, the process (A) described above is effective.
In order to perform the process (A) described above, however, there are problems in that a process of generating individual pieces of encrypted content by setting individual encryption keys for a number of respective users is necessary and a processing load on the server caused by generation and management of the encryption keys, a generation process of the encrypted content, and the like increases according to the number of users to whom the content is distributed.
Thus, in many cases, the process (B) described above, in other words, a process of generating the same encrypted content obtained from encryption using the same encryption key and providing the same content to a plurality of users is performed.
For example, one encryption key (=a title key) is set with respect to content with a certain title, the same encrypted content is generated by applying the one title key, and then the following data set is distributed to a number of users:
(a) the encrypted content; and
(b) the title key.
By performing the process, a processing load imposed on the content server is reduced.
Note that, hereinafter, description will be provided referring to an encryption key set in units of titles of content as a “title key.”
Note that the title key is applied to encryption and decryption processes of encrypted content of the title.
However, if the same data set, in other words, a combination of the same data of:
(a) the encrypted content; and
(b) the title key,
is distributed to a number of users as described above, there is a possibility of the following process being performed by a certain “unauthorized user.”
(1) The “unauthorized user” reads the title key received from the server and discloses the read title key to a number of unspecified users.
Alternatively,
(2) the “unauthorized user” uses a title key A corresponding to certain encrypted content A to encrypt totally different content B, and distributes combined data of
(X) the title key A; and
(Y) the encrypted content B encrypted using the title key A
to a number of unspecified users.
There is a possibility of execution of such an unauthorized use.
When the process (1) described above is performed, for example, a number of the users who have acquired the title key that had been disclosed without authorization illegitimately use the content encrypted using the title key.
In addition, when the process (2) described above is performed, an unauthorized data set generated by the “unauthorized user” described above, in other words,
(X) the title key A; and
(Y) the encrypted content B encrypted using the title key A
are acquired from the “unauthorized user,” which leads to unauthorized uses of the encrypted content B by a number of the users.
As a result, the number of users who are willing to formally purchase the original formal data set, in other words, the encrypted content B and a title key B corresponding to the encrypted content B, reduces, and accordingly, profits earned by the owner(s) of the copyright and distribution right are significantly lessened.
Furthermore, a specific example of an unauthorized process will be described.
A content server is assumed to retain the following data sets (1) to (3) of encrypted content (C) and title keys (Kt).
(1) (Kt11, C11)
(2) (Kt12, C12)
(3) (Kt13, C13)
Wherein Cnn indicates a content file and Ktnn indicates a title key used in encryption of content.
(Kt11, C11) is a data set of a title key (Kt11) and content (C11) that has been encrypted using the title key (Kt11).
For example, a certain “unauthorized user Ux” is assumed to purchase a total of the three data sets described above, which are:
(1) (Kt11, C11);
(2) (Kt12, C12); and
(3) (Kt13, C13).
It is assumed that the purchase process itself is performed according to a predetermined legitimate purchase procedure implemented between a user device owned by the “unauthorized user Ux,” for example, a PC and the content server.
The “unauthorized user Ux” records the data sets (1) to (3) described above in a medium such as a hard disk of, for example, the PC that is the user device.
The “unauthorized user Ux” reads the data sets (1) to (3) described above from the medium such as a hard disk of the user device such as a PC, and first decrypts all pieces of the encrypted content, thereby obtaining the following data.
Title keys: Kt11, Kt12, and Kt13
Decrypted content: C11, C12, and C13
Note that, when a formal content reproduction program is used in an authorized reproduction device, it is not possible to read title keys from outside; however, there is a possibility of the title keys being read using a method of installing an unauthorized program in a device such as a PC or the like, and it is difficult at present to completely prevent the title keys from being read.
Furthermore, the “unauthorized user Ux” generates:
C11∥C12∥C13,
which is data obtained by connecting the pieces of decrypted content of C11 to C13, and encrypts the connected data using the title key Kt11.
In other words, the following data set is generated:
(Kt11, C11∥C12∥C13), and
this data set is, for example, distributed via a network without authorization, sold at a low price, or provided to many users free of charge.
When the process as described above is performed, many general users can acquire the illegitimately created data set, in other words, the unauthorized data set of (Kt11, C11∥C12∥C13), from the “unauthorized user Ux.”
This data set includes a set of pieces of data, which are
(a) the encrypted content obtained from encryption using the title key Kt11; and
(b) the title key Kt11, and
has the same data configuration as data set content provided from a formal content provider to users.
Therefore, a legitimate reproduction device that retains a legitimate content reproduction program with a license can decrypt and reproduce the encrypted content [C11∥C12∥C13] using the title key Kt11 without problems.
As a result, unauthorized uses without formally purchasing content are prevalent, the number of users who formally purchase the content of C11 to C13 and the like accordingly reduces, and thereby profits of legitimate right holders are impaired.
Further detailed description will be provided. For example, in series content, for example, a drama or the like that is constituted by 12 titles of Episode 1 to Episode 12, it is assumed that a content purchase unit is set in units of episodes:
Episode 1 = (Kt01, C01)
Episode 2 = (Kt02, C02)
Episode 3 = (Kt03, C03)
⋮
Episode 12 = (Kt12, C12).
In such a case, one “unauthorized user” purchases all of the series of 12 titles including Episode 1 to Episode 12, connects the content of Episode 1 to Episode 12 of C01 to C12, then generates a data set re-encrypted using the title key Kt01 corresponding to Episode 1, that is,
(Kt01, C01∥C02∥C03 . . . ∥C12), and
discloses the data set on a network. Alternatively, the user performs a process of selling the data set without authorization.
In this case, it is possible for a number of user devices to acquire, reproduce and use the unauthorized data set (Kt01, C01∥C02∥C03 . . . ∥C12) generated by the “unauthorized user.”
It is assumed that, for example, a normal price per unit of each episode among the 12 episodes described above is 2,000 yen.
In this case, if all of the 12 episodes are purchased, the total price is:
12 × 2,000 yen = 24,000 yen.
The “unauthorized user” sells the unauthorized data set (Kt01, C01∥C02∥C03 . . . ∥C12) at a price of, for example, 6,000 yen. In this case, many users purchase the cheaper content, formal content sales are hindered as a result, and profits and rights of the original owner(s) of the copyrights and distribution rights are infringed.
In addition to the example described above, by using the title key Kt11 set corresponding to one piece of content C11 in encryption of various pieces of content Cxx which are irrelevant to the above content, Cxx can be set in various kinds of content formats such as content (Kt11, Cxx), and accordingly, there is a problem in that all pieces of content can be unlimitedly decrypted and reproduced using the one title key.
In other words, even if a reproduction device by which reproduction of plain text content is prohibited is created, the same decryption and reproduction as those of formally purchased content are possible using the unauthorized data set.
Furthermore, the “unauthorized user” can also make it possible to replace the title key and to set re-encryption as a service, and can behave as if he or she were an authorized server.
As described above, it is difficult to prevent unauthorized uses of content with only a countermeasure of the content encryption process.
As an unauthorized content use elimination technique different from the encryption process, there is a technique of causing a reproduction device to verify content tampering. When any change (tampering) is made in content in the course of distributing unauthorized content, for example, uses of such tampered content can be stopped by applying the technique.
To be specific, a user device that reproduces content has a control configuration configured such that content reproduction is permitted only when a verification process of content tampering is executed and the content is confirmed to be free from tampering, and content reproduction is not executed when tampering with content is determined.
For example, Patent Literature 1 (JP 2002-358011A) discloses a control configuration in which a hash value is calculated from a content file to be reproduced, comparison to a reference hash value prepared in advance, in other words, a reference hash value that has been calculated based on authorized content data, is performed, and when the newly computed hash value is the same as the reference hash value, absence of content tampering is determined, and accordingly a content reproduction process is performed.
However, when the process of computing the hash value based on content is performed as described above, if a capacity of content data as original data for the computation of the hash value is large, a processing load and processing time necessary for the calculation increase. In recent years, as moving image data has become higher in quality, there are many cases in which one piece of content has a data amount of several GB to dozens of GB. When a user device that executes content reproduction is caused to perform the process of computing a content hash value based on data of a large capacity, there are problems of excessive data processing performance required for the user device, and of inefficiency in performing the content reproduction process due to lengthening of a time necessary for verifying the content.
In addition, Patent Literature 2 (JP 4576936B) discloses a configuration in which hash values for respective hash units set as fragmented data of stored content of an information recording medium are recorded in a content hash table and stored in the information recording medium together with the content.
According to the disclosed configuration, an information processing device that executes content reproduction executes a hash value reference process based on one or more hash units selected at random. According to the configuration, regardless of a data amount of content, computation and reference processes of the hash values are possible based on the hash units of a small data amount, and efficient content verification in a user device that executes content reproduction is possible.
However, the configuration described in Patent Literature 2 is based on the premise of the process performed on the stored content of the information recording medium. The disclosed configuration can be used when, for example, the hash values are recorded on the medium together with content at the time of manufacturing the information recording medium; however, there is a problem in that the configuration is difficult to apply to content downloaded from, for example, a server.
In addition, there is another problem in that both Patent Literature 1 and Patent Literature 2 described above focus on verification of content tampering, and thus have a difficulty in controlling distribution of unauthorized copied content that has not been tampered with.
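The hash-unit sampling described for Patent Literature 2, together with the limitation just noted that an untampered copy still passes verification, is sketched below as an added example; it is not code from the cited patent literature or from this document. SHA-256, the 4096-byte unit size, the constructed sample content, and all function names are assumptions.

```python
import hashlib
import random

UNIT_SIZE = 4096  # assumed hash-unit size; the page does not specify one

def build_hash_table(content: bytes, unit_size: int = UNIT_SIZE) -> list:
    """One SHA-256 digest per fixed-size hash unit of the content."""
    return [hashlib.sha256(content[i:i + unit_size]).digest()
            for i in range(0, len(content), unit_size)]

def verify_sampled_units(content, table, k, rng, unit_size=UNIT_SIZE):
    """Check k randomly selected hash units against the table.

    Returns (ok, checked_indices). Cost scales with k, not content size.
    """
    n_units = -(-len(content) // unit_size)  # ceiling division
    if n_units != len(table):
        return False, []
    picked = rng.sample(range(n_units), min(k, n_units))
    for idx in picked:
        unit = content[idx * unit_size:(idx + 1) * unit_size]
        if hashlib.sha256(unit).digest() != table[idx]:
            return False, picked
    return True, picked

def detection_probability(n_units: int, k: int, changed: int) -> float:
    """Chance that a sample of k units includes at least one changed unit."""
    k = min(k, n_units)
    miss = 1.0
    for i in range(k):
        miss *= (n_units - changed - i) / (n_units - i)
    return 1.0 - miss

def demo():
    rng = random.Random(2024)
    original = random.Random(0).randbytes(64 * UNIT_SIZE)  # constructed sample
    table = build_hash_table(original)
    tampered = bytearray(original)
    tampered[10 * UNIT_SIZE] ^= 0xFF  # alter one byte inside hash unit 10
    # A bit-for-bit copy passes: the check says nothing about who holds it.
    copy_ok, _ = verify_sampled_units(original, table, 8, rng)
    # Sampling every unit is guaranteed to reach the altered one.
    full_ok, _ = verify_sampled_units(bytes(tampered), table, 64, rng)
    return copy_ok, full_ok, detection_probability(64, 8, 1)

if __name__ == "__main__":
    print(demo())
```

With 8 of 64 units sampled, a single altered unit is caught on one pass only one time in eight, which is the trade made for a verification cost independent of content size.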
As described above, the content encryption and tampering verification processes as techniques of the related art currently do not exhibit satisfactory preventive effects against distribution of unauthorized copied content and disclosure of a content encryption key.